Hitachi Storage Viewer Security Brief
  
Version 9.2.00
Hitachi Storage Viewer provides a platform for the following products:
Hitachi Storage Viewer for Backup
Hitachi Storage Viewer for Capacity
Hitachi Storage Viewer for SAN Fabrics
Hitachi Storage Viewer for File Analytics
Hitachi Storage Viewer for Virtual Servers
Hitachi Storage Viewer can be deployed securely in a variety of operational environments, including a private LAN, virtual private network (VPN), corporate intranet, and even the public Internet. The security features for Hitachi Storage Viewer communications (for example, between Web Client and Host) can be customized for your operational environment. Hitachi Storage Viewer can be configured to provide an end-to-end security context between the user’s browser and the Hitachi Storage Viewer Portal Server, which provides security, privacy, user authentication, and non-repudiation. Messages between the Hitachi Storage Viewer Web Client and Portal Server (Portal) are secured when the server is configured to use HTTPS/SSL, which provides for authentication and encryption of traffic. SSL communication between the Portal and the Data Collectors is fully supported.
Figure 1.1 Platform Architecture
Architecture
Hitachi Storage Viewer has a hub and spoke architecture with two main components:
Portal: A centralized location (the underlying Oracle 11g database is embedded, with licenses, etc., included).
Data Collectors: For Hitachi Storage Viewer for Backup, the Data Collector interfaces with the underlying Backup Vendor Products (for example, NetBackup, TSM, NetWorker, HP Data Protector, or Backup Exec) using the standard published interfaces to that backup product. Likewise, for Hitachi Storage Viewer for Capacity, the Data Collector uses storage array mechanisms specific to each vendor’s storage system (for example, HDS, IBM, EMC Symmetrix, EMC CLARiiON, and NetApp). In addition, Host Resources data is acquired, as described in Managed Host Security. The data is parsed and packaged into Java objects, serialized into an HTTP or HTTPS data stream, compressed, sent over the network via port 80 (HTTP) or port 443 (HTTPS), and inserted into the underlying Portal database.
Portal Server Architecture
Hitachi Storage Viewer uses a three-tiered architecture on the Portal Server(s):
Web Server: Hitachi Storage Viewer embeds Apache and applies the latest set of Apache security patches to eliminate all known security vulnerabilities.
Apache Tomcat: Hitachi Storage Viewer uses Tomcat as the Java Servlet engine. Hitachi Storage Viewer communicates between Apache and Tomcat using standard Apache connectors.
Oracle 11g database: Hitachi Storage Viewer communicates with the Oracle 11g database using JDBC.
The Hitachi Storage Viewer Portal deploys Apache Tomcat on a single web server and the Oracle 11g database on its own dedicated system.
Figure 1.2 Architecture with Port Numbers
Web Browser Security
All of the Hitachi Storage Viewer Portal features, including Hitachi Storage Viewer for Capacity, are accessible through a standard web browser that supports HTML 5. This native browser integration eliminates the need for Java applets, ActiveX controls, or any other piece of client-installed software. This browser-based user interface allows corporations to leverage standards-based security, such as SSL, to protect and encrypt traffic between the Hitachi Storage Viewer Portal and the client browser.
User Authentication
The Hitachi Storage Viewer Portal supports the following user authentication methods:
Local LDAP. Hitachi Storage Viewer Portal bundles OpenLDAP to manage user login authentication. For information about OpenLDAP, go to http://www.openldap.org.
Enterprise LDAP. Refers to any standard LDAP service, including Microsoft Active Directory. For information about Active Directory, go to Microsoft’s Active Directory portal.
By default, Hitachi Storage Viewer Portal uses OpenLDAP for user authentication.